53 lines
2.9 KiB
Plaintext
53 lines
2.9 KiB
Plaintext
|
=== Two-Factor ===
|
||
|
|
Contributors: georgestephanis, valendesigns, stevenkword, extendwings, sgrant, aaroncampbell, johnbillion, stevegrunwell, netweb, kasparsd, alihusnainarshad, passoniate
|
||
|
|
Tags: two factor, two step, authentication, login, totp, fido u2f, u2f, email, backup codes, 2fa, yubikey
|
||
|
|
Requires at least: 4.3
|
||
|
|
Tested up to: 6.2
|
||
|
|
Requires PHP: 5.6
|
||
|
|
Stable tag: 0.8.2
|
||
|
|
|
||
|
|
Enable Two-Factor Authentication using time-based one-time passwords (OTP, Google Authenticator), Universal 2nd Factor (FIDO U2F, YubiKey), email and backup verification codes.
|
||
|
|
|
||
|
|
== Description ==
|
||
|
|
|
||
|
|
Use the "Two-Factor Options" section under "Users" → "Your Profile" to enable and configure one or multiple two-factor authentication providers for your account:
|
||
|
|
|
||
|
|
- Email codes
|
||
|
|
- Time Based One-Time Passwords (TOTP)
|
||
|
|
- FIDO Universal 2nd Factor (U2F)
|
||
|
|
- Backup Codes
|
||
|
|
- Dummy Method (only for testing purposes)
|
||
|
|
|
||
|
|
For more history, see [this post](https://georgestephanis.wordpress.com/2013/08/14/two-cents-on-two-factor/).
|
||
|
|
|
||
|
|
= Actions & Filters =
|
||
|
|
|
||
|
|
Here is a list of action and filter hooks provided by the plugin:
|
||
|
|
|
||
|
|
- `two_factor_providers` filter overrides the available two-factor providers such as email and time-based one-time passwords. Array values are PHP classnames of the two-factor providers.
|
||
|
|
- `two_factor_enabled_providers_for_user` filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID.
|
||
|
|
- `two_factor_user_authenticated` action which receives the logged in `WP_User` object as the first argument for determining the logged in user right after the authentication workflow.
|
||
|
|
- `two_factor_token_ttl` filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the `WP_User` object being authenticated.
|
||
|
|
|
||
|
|
== Frequently Asked Questions ==
|
||
|
|
|
||
|
|
= How can I send feedback or get help with a bug? =
|
||
|
|
|
||
|
|
The best place to report bugs, feature suggestions, or any other (non-security) feedback is at <a href="https://github.com/WordPress/two-factor/issues">the Two Factor GitHub issues page</a>. Before submitting a new issue, please search the existing issues to check if someone else has reported the same feedback.
|
||
|
|
|
||
|
|
= Where can I report security bugs? =
|
||
|
|
|
||
|
|
The plugin contributors and WordPress community take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
|
||
|
|
|
||
|
|
To report a security issue, please visit the [WordPress HackerOne](https://hackerone.com/wordpress) program.
|
||
|
|
|
||
|
|
== Screenshots ==
|
||
|
|
|
||
|
|
1. Two-factor options under User Profile.
|
||
|
|
2. U2F Security Keys section under User Profile.
|
||
|
|
3. Email Code Authentication during WordPress Login.
|
||
|
|
|
||
|
|
== Changelog ==
|
||
|
|
|
||
|
|
See the [release history](https://github.com/wordpress/two-factor/releases).
|